June 14 20, 2017

Page 1

J U N E 14 - 2 0 , 2 0 17 | W E E K LY I N P R I N T | O U D A I LY. C O M

OUDAILY

For 100 years, the student voice of the University of Oklahoma

SECURITY BREACH Lax privacy settings left student data vulnerable

O

U unintentionally exposed thousands of OU students’ educational records — including social security numbers, financial aid information and grades in records dating to at least 2002 — through lax privacy settings in a campus file-sharing network, violating federal law. The university scrambled to safeguard the files late Tuesday after learning The Daily had discovered the breach last week. The Daily spoke to vice president for admissions and records Matt Hamilton Tuesday afternoon, when he said OU IT was aware of the breach and was working to secure the files. OU press secretary Matt Epting provided the following statement late Tuesday night: “The IT Security team

VOL. 102, NO. 64 © 2017 OU Publications Board FREE — Additional copies 25¢

DANA BRANHAM • @DANABRANHAM has found no evidence to confirm that there has been a breach by an outside party, and is investigating the scenario that enabled an individual to access the files the individual has claimed to download.” At no point did The Daily suggest there had been an outside breach, but rather that lax security measures allowed email users more access to educational records than should have been allowed. In just 30 of the hundreds of documents made publicly discoverable on Microsoft Office Delve, there were more than 29,000 instances in which students’ private information was made public to users within OU’s email system. Each instance could constitute a violation of the Family Educational Rights and Privacy Act, which gives students control over who can access their educational records. “This isn’t even gray. It’s very clear in FERPA — you’ve got to have signed consent to do

SPORTS

OU ATHLETICS CREATES CHAMPIONSHIP CULTURE

this or meet one of the exceptions to signed consent,” said FERPA expert LeRoy Rooker when briefed on the scope of the OU breach. “This doesn’t fit either of these.” Rooker headed the Family Policy C o m p l i a n c e O f f i c e i n t h e U. S . Department of Education, the office that administers FERPA, for more than two decades. He said he was certain the files were disclosed unintentionally: no one sets out to violate FERPA. Schools violating the law can have their federal funding pulled, though they’re always given a chance to remedy the situation and avoid the penalty. “I know the people there, from (OU President) David Boren on down — Matt Hamilton, all of them — they’re very FERPAc o n s c i o u s,” R o o k e r s a i d . “Something slipped through the cracks. Somewhere, somebody didn’t know what they were doing or a vendor didn’t educate them.” see BREACH page 7

4-5

NEWS

THERE WERE

29,483

INSTANCES OF A STUDENT’S FERPAPROTECTED INFORMATION BEING IMPROPERLY DISCLOSED.

18,668

FINANCIAL AID RECORDS FOR INCOMING FRESHMEN WERE ALSO DISCLOSED.

OU REFLECTS AFTER STUDENT’S DEATH

7

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.